package com.micro.service.gateway.config.oauth2;

import com.micro.service.common.constants.LoginConstant;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

/**
 * @author lvxiucai
 * @description 资源服务器配置
 * @date 2019/8/16
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    private OAuth2AuthenticationProcessingFilter resourceFilter;

    private AuthenticationManager authenticationManager;

    @Value("${security.oauth2.resource.id}")
    private String resourceId;

    @Autowired
    private RemoteTokenServices customRemoteTokenService;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        resourceFilter = new OAuth2AuthenticationProcessingFilter();
        authenticationManager = new AuthenticationManager() {
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {

                return customRemoteTokenService.loadAuthentication(authentication.getPrincipal().toString());
            }
        };
        resourceFilter.setAuthenticationManager(authenticationManager);
        http.authorizeRequests()
//                .anyRequest().permitAll()  //当本地测试什么接口都不需要校验token时打开注释
                    .antMatchers(LoginConstant.IGNORE_LOGIN_URLS).permitAll()
                .and()
                    .authorizeRequests()
                    .antMatchers(LoginConstant.NEED_LOGIN_URLS).authenticated()
                .and()
                    .addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
                   .csrf().disable()
                ;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(resourceId).stateless(true);
    }




}
